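name: "Test Nix configurations"

on:  # yamllint disable-line rule:truthy
  push:
    branches: [main]
    paths:
      - "nix/**"
      - "Makefile"
      - "Makefile.d/nix.mk"
      - ".github/workflows/nix.yaml"
  pull_request:
    paths:
      - "nix/**"
      - "Makefile"
      - "Makefile.d/nix.mk"
      - ".github/workflows/nix.yaml"
  workflow_dispatch:
  schedule:
    # Weekly on Monday 02:00 UTC — catches nixpkgs-unstable breakage
    - cron: "0 2 * * 1"

# Least privilege for the default GITHUB_TOKEN. Every step below only reads
# (checkout, installer download, flake-input fetches via access-tokens); nothing
# pushes, comments or publishes, so the token does not need write scopes even
# if the repository default is read/write.
permissions:
  contents: read

# One run per workflow+ref; a newer push supersedes an in-flight run.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Supply chain note: the third-party actions below are pinned to a major tag
# (@vN), which is mutable. Pinning to the full commit SHA of the release
# (`uses: owner/repo@<commit-sha>  # vN`, SHA to be looked up) is the stronger
# control; Dependabot can keep such pins current.
jobs:
  # ── Stage 1: Fast static gates (all events, run in parallel) ───────────────
  fmt-check:
    name: "Nix format check"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: DeterminateSystems/nix-installer-action@v22
        with:
          extra-conf: |
            extra-experimental-features = nix-command flakes
            accept-flake-config = true
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
      - uses: DeterminateSystems/magic-nix-cache-action@v13
      - name: Check nixpkgs-fmt formatting
        run: make nix/fmt/check

  eval:
    name: "Evaluate all NixOS host configs"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: DeterminateSystems/nix-installer-action@v22
        with:
          extra-conf: |
            extra-experimental-features = nix-command flakes
            accept-flake-config = true
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
      - uses: DeterminateSystems/magic-nix-cache-action@v13
      - name: Evaluate all hosts
        run: make nix/test/eval

  check:
    name: "Flake check"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: DeterminateSystems/nix-installer-action@v22
        with:
          extra-conf: |
            extra-experimental-features = nix-command flakes
            accept-flake-config = true
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
      - uses: DeterminateSystems/magic-nix-cache-action@v13
      - name: nix flake check --no-build
        run: make nix/test/check

  # ── Stage 2: Derivation graph resolution per host (all events) ────────────
  dry-run:
    name: "Dry-run (${{ matrix.host }})"
    runs-on: ubuntu-latest
    needs: [fmt-check, eval, check]
    strategy:
      fail-fast: false
      matrix:
        host:
          - tr
          - p1
          - x1
          - g2
    steps:
      - uses: actions/checkout@v6
      - uses: DeterminateSystems/nix-installer-action@v22
        with:
          extra-conf: |
            extra-experimental-features = nix-command flakes
            accept-flake-config = true
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
      - uses: DeterminateSystems/magic-nix-cache-action@v13
      # matrix.host comes from the static list above, never from event
      # payloads, so interpolating it into `run` is not an injection vector.
      - name: Dry-run build for ${{ matrix.host }}
        run: make nix/test/dry-run NIX_HOST_NAME=${{ matrix.host }}

  # ── Stage 2b: Darwin build on Apple Silicon macOS (all events) ────────────
  #
  # Runs parallel to dry-run so macOS-specific failures surface quickly.
  darwin-build:
    name: "Darwin build (${{ matrix.host }})"
    runs-on: macos-14
    needs: [fmt-check, eval, check]
    timeout-minutes: 60
    strategy:
      fail-fast: false
      matrix:
        host:
          - macbook-pro-m3
          - macbook-air-m1
    steps:
      - uses: actions/checkout@v6
      - uses: DeterminateSystems/nix-installer-action@v22
        with:
          extra-conf: |
            extra-experimental-features = nix-command flakes
            accept-flake-config = true
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
      # magic-nix-cache-action@v13 crashes on macos-14 (ARM64) due to a libc++
      # ABI mismatch; skip it here and rely on Nix's own binary cache instead.
      - name: Build Darwin system for ${{ matrix.host }}
        run: make nix/test/build/darwin NIX_HOST_NAME=${{ matrix.host }}

  # ── Stage 3a: Full NixOS system build (push / schedule / manual only) ──────
  #
  # Downloads the complete system closure from binary cache.
  # Skipped on pull_request to keep PR feedback fast.
  nixos-build:
    name: "NixOS build (${{ matrix.host }})"
    runs-on: ubuntu-latest
    if: github.event_name != 'pull_request'
    needs: [dry-run]
    timeout-minutes: 60
    strategy:
      fail-fast: false
      matrix:
        host:
          - tr
          - p1
          - x1
          - g2
    steps:
      - uses: actions/checkout@v6
      - uses: DeterminateSystems/nix-installer-action@v22
        with:
          extra-conf: |
            extra-experimental-features = nix-command flakes
            accept-flake-config = true
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
      - uses: DeterminateSystems/magic-nix-cache-action@v13
      - name: Build system closure for ${{ matrix.host }}
        run: make nix/test/build NIX_HOST_NAME=${{ matrix.host }}

  # ── Stage 3b: NixOS Docker eval (push / schedule / manual only) ────────────
  #
  # Evaluates each config inside ghcr.io/nixos/nix, validating the Docker
  # fallback path used by nix-run.sh on non-NixOS hosts (no native nix).
  nixos-docker:
    name: "NixOS Docker (${{ matrix.host }})"
    runs-on: ubuntu-latest
    if: github.event_name != 'pull_request'
    needs: [dry-run]
    strategy:
      fail-fast: false
      matrix:
        host:
          - tr
          - p1
          - x1
          - g2
    steps:
      - uses: actions/checkout@v6
      # `:latest` is a floating tag, so this job is not reproducible and the
      # image content can change under it between runs. Pinning by digest
      # (`ghcr.io/nixos/nix@sha256:<digest>`, digest to be looked up) makes the
      # evaluation environment immutable; the tag is kept here pending that.
      - name: Pull NixOS container image
        run: docker pull ghcr.io/nixos/nix:latest
      - name: Evaluate config inside NixOS Docker
        run: make nix/test/docker NIX_HOST_NAME=${{ matrix.host }}

  # ── Stage 4: QEMU VM smoke test (push / schedule / manual only) ────────────
  #
  # Builds a KVM-accelerated VM and boots it headlessly; passes when the
  # login prompt appears, confirming systemd and all services started cleanly.
  # tr excluded: its RAID/bond/NVIDIA modules don't resolve cleanly in QEMU.
  # nixos-build being skipped on pull_request automatically skips this job too.
  nixos-vm:
    name: "QEMU VM (${{ matrix.host }})"
    runs-on: ubuntu-latest
    needs: [nixos-build]
    timeout-minutes: 15
    strategy:
      fail-fast: false
      matrix:
        host:
          - p1
          - x1
          - g2
    steps:
      - uses: actions/checkout@v6
      - uses: DeterminateSystems/nix-installer-action@v22
        with:
          extra-conf: |
            extra-experimental-features = nix-command flakes
            accept-flake-config = true
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
      - uses: DeterminateSystems/magic-nix-cache-action@v13
      # World-readable /dev/kvm is acceptable only because the hosted runner is
      # single-tenant and discarded after the job; do not copy this rule to a
      # persistent self-hosted runner.
      - name: Enable KVM access
        run: |
          echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' \
            | sudo tee /etc/udev/rules.d/99-kvm4all.rules
          sudo udevadm control --reload-rules
          sudo udevadm trigger --name-match=kvm
      - name: Build VM image for ${{ matrix.host }}
        run: make nix/test/vm/build NIX_HOST_NAME=${{ matrix.host }}
      # Polls the serial log every 3 s for up to 60 iterations (3 min); the
      # job-level timeout-minutes above is the hard backstop if QEMU hangs.
      - name: Boot VM and wait for login prompt
        run: |
          QEMU_NET_OPTS="hostfwd=tcp::2222-:22" \
          QEMU_OPTS="-m 2048 -smp 2 -enable-kvm -display none -no-reboot" \
          ./nix/result/bin/run-${{ matrix.host }}-vm >/tmp/vm.log 2>&1 &
          VM_PID=$!
          echo "Waiting for NixOS login prompt (up to 3 min)..."
          for i in $(seq 1 60); do
            if grep -qE "login:|<<< NixOS" /tmp/vm.log 2>/dev/null; then
              echo "VM booted successfully"
              kill "$VM_PID" 2>/dev/null || true
              exit 0
            fi
            if ! kill -0 "$VM_PID" 2>/dev/null; then
              echo "VM process exited unexpectedly"
              cat /tmp/vm.log || true
              exit 1
            fi
            sleep 3
          done
          echo "Timed out waiting for VM boot"
          echo "=== serial output ==="
          cat /tmp/vm.log || true
          kill "$VM_PID" 2>/dev/null || true
          exit 1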